#2639 closed task (wontfix)
DMARC validation failed - header_from: faunalia.it
| Reported by: | pcav | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Sysadmin Contract 2022-I |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description
We are receiving reports of failed DMARC validations for emails sent by 140.211.15.3 (osgeo6.osgeo.osuosl.org) with the following identifier:
<header_from>faunalia.it</header_from> <envelope_from>lists.osgeo.org</envelope_from>
Some examples of the reports:
<?xml version="1.0"?>
<feedback>
<report_metadata>
<org_name>Verizon Media</org_name>
<email>dmarchelp@verizonmedia.com</email>
<report_id>1631582081.170348</report_id>
<date_range>
<begin>1631491200</begin>
<end>1631577599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>faunalia.it</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>140.211.15.3</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>faunalia.it</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>faunalia.it</domain>
<selector>mail</selector>
<result>permerror</result>
</dkim>
<spf>
<domain>lists.osgeo.org</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<version>1.0</version>
<report_metadata>
<org_name>esa3.hc726-32.eu.iphmx.com</org_name>
<email>MAILER-DAEMON@esa3.hc726-32.eu.iphmx.com</email>
<extra_contact_info></extra_contact_info>
<report_id>803ff8$ba13321=3cf9959c31e36f60@esa3.hc726-32.eu.iphmx.com</report_id>
<date_range>
<begin>1631484004</begin>
<end>1631570403</end>
</date_range>
</report_metadata>
<policy_published>
<domain>faunalia.it</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>140.211.15.3</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>faunalia.it</header_from>
<envelope_from>lists.osgeo.org</envelope_from>
</identifiers>
<auth_results>
<dkim>
<domain>faunalia.it</domain>
<selector>mail</selector>
<result>permerror</result>
</dkim>
<spf>
<domain>lists.osgeo.org</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback
<?xml version="1.0"?>
<feedback>
<version>1.0</version>
<report_metadata>
<org_name>Fastmail Pty Ltd</org_name>
<email>reports@fastmaildmarc.com</email>
<extra_contact_info>https://fastmail.com/</extra_contact_info>
<report_id>524846272</report_id>
<date_range>
<begin>1631491200</begin>
<end>1631577599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>faunalia.it</domain>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
<fo>0</fo>
</policy_published>
<record>
<row>
<source_ip>140.211.15.3</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
<reason>
<type>trusted_forwarder</type>
<comment>Policy ignored due to local white list</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<envelope_from>lists.osgeo.org</envelope_from>
<header_from>faunalia.it</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>faunalia.it</domain>
<selector>mail</selector>
<result>fail</result>
<human_result>fail (message has been altered)</human_result>
</dkim>
<spf>
<domain>lists.osgeo.org</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
Right now we have a "none" DMARC policy, but we are planning on enforcing it in the near future. As far as I can understand, Osgeo misconfigured the headers. If I'm not wrong, this could be a problem for many other domains, so I thought it is of general interest and worth fixing.
Thanks for any intervention.
Attachments (4)
Change History (17)
by , 3 years ago
| Attachment: | esa3.hc726-32.eu.iphmx.com!faunalia.it!1631484004!1631570403.xml added |
|---|
by , 3 years ago
| Attachment: | fastmail.com!faunalia.it!1631491200!1631577599!524846272.xml added |
|---|
by , 3 years ago
| Attachment: | hostserv.co.za!faunalia.it!1631491200!1631577599!1412420.xml added |
|---|
by , 3 years ago
| Attachment: | yahoo.fr!faunalia.it!1631491200!1631577599.xml-1 added |
|---|
comment:1 by , 3 years ago
comment:2 by , 3 years ago
| Milestone: | Unplanned → Sysadmin Contract 2021-II |
|---|
comment:3 by , 3 years ago
Thank you. Yes, as far as I can tell they are coming from lists.osgeo.org.
comment:4 by , 3 years ago
You know which lists? I think it would be specific to the list as each list has it's own settings. Take a look at #2475
comment:5 by , 3 years ago
We don't have any definitive evidence at this point, but we think that it could be the lizmap list.
comment:6 by , 3 years ago
I think the problem is rather serious, as it may trigger rejection of valid messages from other domains. We're available for more testing and action if we can be useful.
comment:7 by , 3 years ago
Is it just lizmap list you have trouble with? The lizmap admin if that list should be taking care of that.
comment:9 by , 2 years ago
| Milestone: | Sysadmin Contract 2021-II → Sysadmin Contract 2022-I |
|---|
Ticket retargeted after milestone closed
comment:10 by , 2 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Going to close this out. I think it's a misconfigured mailing list so requires mailing list admins to handle.
comment:12 by , 2 years ago
No each mailing list admin manages their own mailing list. So I'm assuming whoever is managing lizmap needs to be informed and configure their dmarc_moderation_action to "munge from" as discussed in.
Is this for mail coming via mailing lists. I recall we had this issue and we put in changes so mailing lists can fix this themselves. If it is coming from mailing list can you be specific as to the mailing lists? If it is some other mail e.g gitea or trac please let us know.